How to verify a digital signature with openssl
I'm using a third-party credit card processing service (Paybox) that, after a successful transaction, redirects back to the website with a signature in the URL as a security measure to prevent people from manipulating data. It's supposed to prove that the request originated from this service. So my success URL looks something like this:
/success.php?signature=[HUGE HASH]
I have no idea where to start with verifying this signature. This service does provide a public key, and I assume I need to create a private key, but I don't know much beyond that.
I'm pretty good with Linux, and I know I'll have to run some openssl commands. I'm writing the verification script in PHP, which also has native openssl() functions.
If anyone could please push me in the right direction with some pseudo code, or even functional code, I'd be very grateful. Thanks.
This is my code and it works for me. Hope I can help you.
$sign = "28E5FA795590066E8402B529DB027B8D082A226BE6E53F80D41F763207A11EF9..."; // inline signature. I'm using SHA512
$cert = "your certification"; // ------BEGIN..... END..----
$data = "text"; // 64 characters for SHA512. It's raw data, not hashed data
$pubkeyid = openssl_pkey_get_public($cert);
$ok = openssl_verify($data, hex2bin($sign), $pubkeyid,OPENSSL_ALGO_SHA512);
if($ok==1) return "Verify"; else return "Unverify";
You won't need any private key. The signature is made with Paybox's private key, so you'll only need their public key, the data they've signed and the signature. Check their documentation to see which part of the data they have signed.
The PHP manual contains a complete example in the documentation of openssl_verify.
You can use openssl_verify(). The following example is from Stiv @ php.net:
<?php
// $data is assumed to contain the data to be signed
// fetch certificate from file and ready it
$fp = fopen("path/file.pem", "r");
$cert = fread($fp, 8192);
fclose($fp);
// state whether signature is okay or not
// use the certificate, not the public key
$ok = openssl_verify($data, $signature, $cert);
if ($ok == 1) {
    echo "good";
} elseif ($ok == 0) {
    echo "bad";
} else {
    echo "ugly, error checking signature";
}
?>
More info on openssl_verify() here: http://nl.php.net/openssl_verify
Paybox also has a zip file available for download on their site "Explications and samples to check digital sign with PAYBOX SYSTEM"
http://www1.paybox.com/telechargement_focus.aspx?cat=3
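The answers above, combined into one runnable check (an added example, not code from the posters or from Paybox). It assumes the signature is the last query parameter, hex-encoded as in the first answer, and that the signed data is the raw query string before `&signature=`; the function name, sample payload and throwaway key pair are constructed for the demo.

```php
<?php
// Added example: URL layout, hex encoding and SHA-512 are assumptions,
// not Paybox's specification. Check their documentation for the real rules.

/**
 * Verify a redirect whose raw query string ends in "&signature=<hex>".
 * Assumption: the signer covered every byte before "&signature=".
 */
function verify_signed_query(string $rawQuery, string $publicKeyPem): bool
{
    $marker = '&signature=';
    $pos = strrpos($rawQuery, $marker);
    if ($pos === false) {
        return false;                      // no signature parameter at all
    }
    $signed = substr($rawQuery, 0, $pos);  // exact bytes, not re-encoded $_GET values
    $hex = substr($rawQuery, $pos + strlen($marker));
    if ($hex === '' || strlen($hex) % 2 !== 0 || !ctype_xdigit($hex)) {
        return false;                      // malformed signature: reject it
    }
    $key = openssl_pkey_get_public($publicKeyPem);
    if ($key === false) {
        throw new RuntimeException('cannot load public key: ' . openssl_error_string());
    }
    // openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error).
    // Only a strict 1 is success; -1 is truthy and must never pass.
    return openssl_verify($signed, hex2bin($hex), $key, OPENSSL_ALGO_SHA512) === 1;
}

// --- Constructed demo: a throwaway key pair stands in for the processor's ---
$priv = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
$pub = openssl_pkey_get_details($priv)['key'];    // PEM-encoded public key

$payload = 'amount=1999&ref=ORDER-42&status=ok';  // constructed sample data
openssl_sign($payload, $sig, $priv, OPENSSL_ALGO_SHA512);
$query = $payload . '&signature=' . bin2hex($sig);

var_dump(verify_signed_query($query, $pub));                            // untampered redirect
var_dump(verify_signed_query(str_replace('1999', '1', $query), $pub));  // amount altered
var_dump(verify_signed_query($payload, $pub));                          // signature stripped
```

In a real handler the raw string would come from `$_SERVER['QUERY_STRING']`, and the PEM would be the processor's published public key rather than a generated one.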